TipiWiki2 is not secure, at least i have not aimed for that, because i am simply not very familiar with PHP and webserver security.
I think the data directory should be secured by prohibitting access by any user, just the PHPscript as to touch the files there. I'd be thankful for any advice how to achive this. TipiWiki 1 created the directory itself, so it could set its own permissions. Now there are default pages, so the data-directory has the permissions from the user, who extracts it. So long i suggest to manually modify the permissions.
chmod 700 data
chown apache:apache data